Red Hat Product Errata RHSA-2025:10073 - Security Advisory
Issued:
2025-07-01
Updated:
2025-07-01

RHSA-2025:10073 - Security Advisory

Synopsis

Important: firefox security update

Type/Severity

Security Advisory: Important

Red Hat Lightspeed patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for firefox is now available for Red Hat Enterprise Linux 10.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.

Security Fix(es):

  • firefox: Content-Disposition header ignored when a file is included in an embed or object tag (CVE-2025-6430)
  • firefox: Use-after-free in FontFaceSet (CVE-2025-6424)
  • firefox: Incorrect parsing of URLs could have allowed embedding of youtube.com (CVE-2025-6429)
  • firefox: The WebCompat WebExtension shipped with Firefox exposed a persistent UUID (CVE-2025-6425)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

  • Red Hat Enterprise Linux for x86_64 10 x86_64
  • Red Hat Enterprise Linux for x86_64 - Extended Update Support 10.0 x86_64
  • Red Hat Enterprise Linux for IBM z Systems 10 s390x
  • Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 10.0 s390x
  • Red Hat Enterprise Linux for Power, little endian 10 ppc64le
  • Red Hat Enterprise Linux for Power, little endian - Extended Update Support 10.0 ppc64le
  • Red Hat Enterprise Linux for ARM 64 10 aarch64
  • Red Hat Enterprise Linux for ARM 64 - Extended Update Support 10.0 aarch64
  • Red Hat Enterprise Linux for ARM 64 - 4 years of updates 10.0 aarch64
  • Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 10.0 s390x
  • Red Hat Enterprise Linux for Power, little endian - 4 years of support 10.0 ppc64le
  • Red Hat Enterprise Linux for x86_64 - 4 years of updates 10.0 x86_64

Fixes

  • BZ - 2374555 - CVE-2025-6430 firefox: Content-Disposition header ignored when a file is included in an embed or object tag
  • BZ - 2374559 - CVE-2025-6424 firefox: Use-after-free in FontFaceSet
  • BZ - 2374561 - CVE-2025-6429 firefox: Incorrect parsing of URLs could have allowed embedding of youtube.com
  • BZ - 2374562 - CVE-2025-6425 firefox: The WebCompat WebExtension shipped with Firefox exposed a persistent UUID

Red Hat Enterprise Linux for x86_64 10

SRPM
firefox-128.12.0-1.el10_0.src.rpm SHA-256: 00cc52aa6710cdfe7c5ab91841e58bd46cdfae5712fdb9d788ebf96355bc0c55
x86_64
firefox-128.12.0-1.el10_0.x86_64.rpm SHA-256: 5888bc52c33cb1c457cf3f60c3f247369f92439141e2ecdc86a2b6d7cb3494bb
firefox-debuginfo-128.12.0-1.el10_0.x86_64.rpm SHA-256: 92cd81699dd1bcb857375be7f848fc7281d22367549e235bb0fcd4dce168c6be
firefox-debugsource-128.12.0-1.el10_0.x86_64.rpm SHA-256: cc0ed837674b1e01135ccee9bab980dbd687a46ed8f5056889b3467448108926

Red Hat Enterprise Linux for x86_64 - Extended Update Support 10.0

SRPM
firefox-128.12.0-1.el10_0.src.rpm SHA-256: 00cc52aa6710cdfe7c5ab91841e58bd46cdfae5712fdb9d788ebf96355bc0c55
x86_64
firefox-128.12.0-1.el10_0.x86_64.rpm SHA-256: 5888bc52c33cb1c457cf3f60c3f247369f92439141e2ecdc86a2b6d7cb3494bb
firefox-debuginfo-128.12.0-1.el10_0.x86_64.rpm SHA-256: 92cd81699dd1bcb857375be7f848fc7281d22367549e235bb0fcd4dce168c6be
firefox-debugsource-128.12.0-1.el10_0.x86_64.rpm SHA-256: cc0ed837674b1e01135ccee9bab980dbd687a46ed8f5056889b3467448108926

Red Hat Enterprise Linux for IBM z Systems 10

SRPM
firefox-128.12.0-1.el10_0.src.rpm SHA-256: 00cc52aa6710cdfe7c5ab91841e58bd46cdfae5712fdb9d788ebf96355bc0c55
s390x
firefox-128.12.0-1.el10_0.s390x.rpm SHA-256: 7ecadb39e615a00b3933f12ce25957941348ddbec38d8f2d05c7987a9b66e6dd
firefox-debuginfo-128.12.0-1.el10_0.s390x.rpm SHA-256: d2ee788d869d2f8c440b5353c76666746fba2c6c1e8e77a47ed53f15e5ed1f9f
firefox-debugsource-128.12.0-1.el10_0.s390x.rpm SHA-256: 971a8429519db05af59b9104de98e38421e6b40ad73c8ceb6b42c8a9dc3b7071

Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 10.0

SRPM
firefox-128.12.0-1.el10_0.src.rpm SHA-256: 00cc52aa6710cdfe7c5ab91841e58bd46cdfae5712fdb9d788ebf96355bc0c55
s390x
firefox-128.12.0-1.el10_0.s390x.rpm SHA-256: 7ecadb39e615a00b3933f12ce25957941348ddbec38d8f2d05c7987a9b66e6dd
firefox-debuginfo-128.12.0-1.el10_0.s390x.rpm SHA-256: d2ee788d869d2f8c440b5353c76666746fba2c6c1e8e77a47ed53f15e5ed1f9f
firefox-debugsource-128.12.0-1.el10_0.s390x.rpm SHA-256: 971a8429519db05af59b9104de98e38421e6b40ad73c8ceb6b42c8a9dc3b7071

Red Hat Enterprise Linux for Power, little endian 10

SRPM
firefox-128.12.0-1.el10_0.src.rpm SHA-256: 00cc52aa6710cdfe7c5ab91841e58bd46cdfae5712fdb9d788ebf96355bc0c55
ppc64le
firefox-128.12.0-1.el10_0.ppc64le.rpm SHA-256: c6b38b68c19df304d50af7f710f86192e085780b4e9ad269d50acca02e1609c5
firefox-debuginfo-128.12.0-1.el10_0.ppc64le.rpm SHA-256: 5bed87db50ba2170b32523e9d3dbf5adac086cb14755b4f125a7099d737515bd
firefox-debugsource-128.12.0-1.el10_0.ppc64le.rpm SHA-256: 51f4d7e68e43d4752d800825811cdceee80783d48bad37ccb3d8b1008ca825a9

Red Hat Enterprise Linux for Power, little endian - Extended Update Support 10.0

SRPM
firefox-128.12.0-1.el10_0.src.rpm SHA-256: 00cc52aa6710cdfe7c5ab91841e58bd46cdfae5712fdb9d788ebf96355bc0c55
ppc64le
firefox-128.12.0-1.el10_0.ppc64le.rpm SHA-256: c6b38b68c19df304d50af7f710f86192e085780b4e9ad269d50acca02e1609c5
firefox-debuginfo-128.12.0-1.el10_0.ppc64le.rpm SHA-256: 5bed87db50ba2170b32523e9d3dbf5adac086cb14755b4f125a7099d737515bd
firefox-debugsource-128.12.0-1.el10_0.ppc64le.rpm SHA-256: 51f4d7e68e43d4752d800825811cdceee80783d48bad37ccb3d8b1008ca825a9

Red Hat Enterprise Linux for ARM 64 10

SRPM
firefox-128.12.0-1.el10_0.src.rpm SHA-256: 00cc52aa6710cdfe7c5ab91841e58bd46cdfae5712fdb9d788ebf96355bc0c55
aarch64
firefox-128.12.0-1.el10_0.aarch64.rpm SHA-256: 90ab25c690e7580e8a4e784c20f35584421314ca0a66bc9940a84712bc21757b
firefox-debuginfo-128.12.0-1.el10_0.aarch64.rpm SHA-256: 9c5090f9f2cc078ca8ebe61af2c5f7983e7e8b92f4f6d9da0b5d4d2e4d362095
firefox-debugsource-128.12.0-1.el10_0.aarch64.rpm SHA-256: 5cf52a3360293ea2cbdb230e39f9c067d660fff295822ee3f8b2351369819e87

Red Hat Enterprise Linux for ARM 64 - Extended Update Support 10.0

SRPM
firefox-128.12.0-1.el10_0.src.rpm SHA-256: 00cc52aa6710cdfe7c5ab91841e58bd46cdfae5712fdb9d788ebf96355bc0c55
aarch64
firefox-128.12.0-1.el10_0.aarch64.rpm SHA-256: 90ab25c690e7580e8a4e784c20f35584421314ca0a66bc9940a84712bc21757b
firefox-debuginfo-128.12.0-1.el10_0.aarch64.rpm SHA-256: 9c5090f9f2cc078ca8ebe61af2c5f7983e7e8b92f4f6d9da0b5d4d2e4d362095
firefox-debugsource-128.12.0-1.el10_0.aarch64.rpm SHA-256: 5cf52a3360293ea2cbdb230e39f9c067d660fff295822ee3f8b2351369819e87

Red Hat Enterprise Linux for ARM 64 - 4 years of updates 10.0

SRPM
firefox-128.12.0-1.el10_0.src.rpm SHA-256: 00cc52aa6710cdfe7c5ab91841e58bd46cdfae5712fdb9d788ebf96355bc0c55
aarch64
firefox-128.12.0-1.el10_0.aarch64.rpm SHA-256: 90ab25c690e7580e8a4e784c20f35584421314ca0a66bc9940a84712bc21757b
firefox-debuginfo-128.12.0-1.el10_0.aarch64.rpm SHA-256: 9c5090f9f2cc078ca8ebe61af2c5f7983e7e8b92f4f6d9da0b5d4d2e4d362095
firefox-debugsource-128.12.0-1.el10_0.aarch64.rpm SHA-256: 5cf52a3360293ea2cbdb230e39f9c067d660fff295822ee3f8b2351369819e87

Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 10.0

SRPM
firefox-128.12.0-1.el10_0.src.rpm SHA-256: 00cc52aa6710cdfe7c5ab91841e58bd46cdfae5712fdb9d788ebf96355bc0c55
s390x
firefox-128.12.0-1.el10_0.s390x.rpm SHA-256: 7ecadb39e615a00b3933f12ce25957941348ddbec38d8f2d05c7987a9b66e6dd
firefox-debuginfo-128.12.0-1.el10_0.s390x.rpm SHA-256: d2ee788d869d2f8c440b5353c76666746fba2c6c1e8e77a47ed53f15e5ed1f9f
firefox-debugsource-128.12.0-1.el10_0.s390x.rpm SHA-256: 971a8429519db05af59b9104de98e38421e6b40ad73c8ceb6b42c8a9dc3b7071

Red Hat Enterprise Linux for Power, little endian - 4 years of support 10.0

SRPM
firefox-128.12.0-1.el10_0.src.rpm SHA-256: 00cc52aa6710cdfe7c5ab91841e58bd46cdfae5712fdb9d788ebf96355bc0c55
ppc64le
firefox-128.12.0-1.el10_0.ppc64le.rpm SHA-256: c6b38b68c19df304d50af7f710f86192e085780b4e9ad269d50acca02e1609c5
firefox-debuginfo-128.12.0-1.el10_0.ppc64le.rpm SHA-256: 5bed87db50ba2170b32523e9d3dbf5adac086cb14755b4f125a7099d737515bd
firefox-debugsource-128.12.0-1.el10_0.ppc64le.rpm SHA-256: 51f4d7e68e43d4752d800825811cdceee80783d48bad37ccb3d8b1008ca825a9

Red Hat Enterprise Linux for x86_64 - 4 years of updates 10.0

SRPM
firefox-128.12.0-1.el10_0.src.rpm SHA-256: 00cc52aa6710cdfe7c5ab91841e58bd46cdfae5712fdb9d788ebf96355bc0c55
x86_64
firefox-128.12.0-1.el10_0.x86_64.rpm SHA-256: 5888bc52c33cb1c457cf3f60c3f247369f92439141e2ecdc86a2b6d7cb3494bb
firefox-debuginfo-128.12.0-1.el10_0.x86_64.rpm SHA-256: 92cd81699dd1bcb857375be7f848fc7281d22367549e235bb0fcd4dce168c6be
firefox-debugsource-128.12.0-1.el10_0.x86_64.rpm SHA-256: cc0ed837674b1e01135ccee9bab980dbd687a46ed8f5056889b3467448108926

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.